Greetings from Brussels!
Being based here at the heart of the EU, it would be difficult to avoid mentioning Theresa May’s speech this week outlining a bold new global vision for Britain outside the EU single market. Considering the momentous change for the U.K. that will accompany Brexit (an equally impactful change for the EU), Theresa May seems to have delivered an address that softens the edges of a hard Brexit, which is feared in some quarters. Nevertheless, in laying out her plan, she vowed to fight back if she doesn’t get a good deal for the U.K. from the EU.
The British PM said she would press for an ambitious free-trade agreement with the EU while hoping to maintain partial membership of the EU customs union with continued tariff-free trade. “We are leaving the European Union but we are not leaving Europe,” she said. Her message seemed clear, the U.K. will exit the EU with a good deal, or no deal at all. She went on to add that leaving the EU was not intended to damage the EU, acknowledging the well-established friendship that has existed with the EU for more than 40 years. Moreover, there were also promises to continue to cooperate with the EU on defense and shared capabilities in intelligence to continue to combat terrorism. These are all welcome statements.
The hope is also for a phased and piecemeal approach to exit, which makes sense for both sides. Fair to say, business and employer stakeholders were waiting with bated breath as to what Teresa May would say; on the whole they might be more satisfied with the overall position — for now at least — then previously. If the U.K. PM can achieve all she has set out in her blueprint, she’ll have achieved it falling short of a "hard" Brexit — and that will be pleasing to many.
In other news, and more directly related to data protection, this week saw a press release from the WP29 announcing the adoption of its second Action Plan for 2017, complementing the 2016 priorities and outlining new objectives and deliverables for the coming year. The WP29 has committed to finalizing its work on topics already undertaken in 2016, including guidelines on certification and processing. This year is also likely to yield additional output on issues such as DPIAs, administrative fines, the setting up of the European Data Protection Board structure, and the preparation of the "one-stop shop" and the EDPB consistency mechanism.
In terms of new 2017 priorities, the WP29 has engaged to start work on producing guidelines on the topics of consent and profiling, continuing into the latter half of the year on the issue of transparency. As part of their consultative mechanisms, they will continue to engage with relevant stakeholders — business and civil society — who will be invited to a second Fablab event taking place 5 and 6 April to gauge views and comments on the new priorities. In support of the consultation process, it is also expected that relevant public consultations will be launched by at least some of the DPAs at the national level. Moreover, there are plans for an interactive workshop in May 2017, where non-EU counterparts will be invited to share and exchange views on the GDPR and its implementation guidance by the WP29.
All in all, a busy year ahead for our European authorities as they forge the new regime that is the GDPR. Most notably, it is encouraging to see an enhanced effort to dialogue with the international data protection community; this can only help to build an environment conducive to sound data protection practice globally, from which we all benefit.